US10915596B2 - Method and apparatus of processing invalid user input search information - Google Patents

Method and apparatus of processing invalid user input search information Download PDF

Info

Publication number
US10915596B2
US10915596B2 US15/671,364 US201715671364A US10915596B2 US 10915596 B2 US10915596 B2 US 10915596B2 US 201715671364 A US201715671364 A US 201715671364A US 10915596 B2 US10915596 B2 US 10915596B2
Authority
US
United States
Prior art keywords
request
url
search
invalid
response
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US15/671,364
Other versions
US20170357727A1 (en
Inventor
Lewis Thomas Donzis
John Anthony Murphy
Jonathan Elliott Schmidt
Henry Michael Donzis
Peter Wayne Baron
Lee Carl Ziegenhals
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PerfTech Inc
Original Assignee
PerfTech Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PerfTech Inc filed Critical PerfTech Inc
Priority to US15/671,364 priority Critical patent/US10915596B2/en
Assigned to SCHMIDT, EDWARD, TWO SIGMA HOLDINGS VC ACQUISITION VEHICLE I, LLC reassignment SCHMIDT, EDWARD SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PERFTECH, INC.
Assigned to PERFTECH, INC. reassignment PERFTECH, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BARON, PETER WAYNE, DONZIS, HENRY MICHAEL, DONZIS, LEWIS THOMAS, MURPHY, JOHN ANTHONY, SCHMIDT, JONATHAN ELLIOTT, ZIEGENHALS, LEE CARL
Publication of US20170357727A1 publication Critical patent/US20170357727A1/en
Application granted granted Critical
Priority to US17/171,984 priority patent/US11580185B2/en
Publication of US10915596B2 publication Critical patent/US10915596B2/en
Priority to US18/169,168 priority patent/US20230195822A1/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/955Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9566URL specific, e.g. using aliases, detecting broken or misspelled links
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/951Indexing; Web crawling techniques
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/2814
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/563Data redirection of data network streams
    • H04L61/1511
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]

Definitions

  • One embodiment of the present invention may include a method of processing a user initiated request for information.
  • the method may include receiving a user initiated request including a uniform resource locator (URL) submitted to a web browser application.
  • the method may also include receiving a response that the URL is an invalid URL that cannot be resolved to a corresponding webpage, and blocking a subsequent attempt to transmit the user initiated request as a browser modified search request that includes modifications to the user initiated request.
  • URL uniform resource locator
  • ISPs now use products that sit in front of the DNS server and capture the DNS responses, and when they respond with an NXDOMAIN, those products instead return the IP address of a search landing page with advertisements that are sponsored by third party affiliates.
  • This scenario provides ISPs with about a buck per year for each subscriber as added revenue.
  • all such ISPs are required to accommodate users for with the replacement of the NXDOMAIN message by redirecting them to a fake landing page address which causes disruption.
  • Such a default redirection of the users' search requests are generally regarded as unsatisfactory to the users.
  • the terms CHEAP and PATENT were entered as two separated words into an address bar of a web browser.
  • the search engine recognized that the URL was not formatted correctly and was not a well-formed URL.
  • the search was automatically sent to a search engine that was configured as the default-configured search provider.

Abstract

A method and apparatus of processing a user initiated request for information is disclosed. The method may provide receiving a user initiated request including a uniform resource locator (URL) submitted to a web browser application and receiving a response that the URL is an invalid URL that cannot be resolved to a corresponding webpage. The method may also include blocking a subsequent attempt to transmit the user initiated request as a browser modified search request that includes modifications to the user initiated request.

Description

CROSS REFERENCE TO RELATED APPLICATIONS
The present invention is a continuation and claims the benefit and priority of patent application Ser. No. 14/456,126, titled METHOD AND APPARATUS OF PROCESSING INVALID USER INPUT SEARCH INFORMATION, filed on Aug. 11, 2014, issued on Aug. 8, 2017, U.S. Pat. No. 9,727,658, which is a continuation of patent application Ser. No. 13/217,076, titled METHOD AND APPARATUS OF PROCESSING INVALID USER INPUT SEARCH INFORMATION, filed on Aug. 24, 2011, issued on Aug. 12, 2014, U.S. Pat. No. 8,806,004, the entire contents of which are incorporated by reference herein.
TECHNICAL FIELD OF THE INVENTION
This invention relates to a method and apparatus of processing user input information, such as website addresses, and, more particularly, to interpreting and resolving the errors generated by invalid web address and web search entries submitted to a web browser application's address bar.
BACKGROUND OF THE INVENTION
Consumers seeking access to information often rely on the Internet as a quick and easy source of information. In recent years, the speed and accuracy of a web search or web address submission to a web browser has become increasingly simple for the end user to execute. In fact, web browsers and corresponding web search engines often have backend tools and applications that correct user input search information seamlessly with or without the user's approval.
The corrective actions performed by the browser application and/or the search engine may provide an easy alternative to requiring the user to re-enter a web address or any portion of a search string set of terms or phrases. However, the corrective measures taken by the web browser, the search engine and/or the Internet service provider (ISP) are often biased and do not always provide the end user with the most relevant information pertaining to the user's requested search criteria. For example, the user may be searching for a particular subject and may enter the subjective content as a word or phrase into a search engine, or may enter the content into the web address portion of the web browser without knowing an exact web address corresponding to the desired content. As a result, the search criteria may be return an invalid result since it did not positively identify a known web address.
The invalid entry of website information or related web search information in the browser's address bar may pose an opportunity for the ISP, the search engine and/or the browser to transfer the request to a landing page or sponsored website link page, which may or may not be related to the search criteria entered by the user. The reason for invoking the redirect of the search criteria is a monetary opportunity for the ISP, the browser company and/or the search engine to capitalize on the user's inability to locate the correct destination website. The emerging business of redirecting website requests to sponsored landing pages is a multi-million dollar business that generates profits from redirecting the user's searches or invalid website entries to web pages that are often undesirable to the user and/or unrelated to the user's search criteria.
SUMMARY OF THE INVENTION
One embodiment of the present invention may include a method of processing a user initiated request for information. The method may include receiving a user initiated request including a uniform resource locator (URL) submitted to a web browser application. The method may also include receiving a response that the URL is an invalid URL that cannot be resolved to a corresponding webpage, and blocking a subsequent attempt to transmit the user initiated request as a browser modified search request that includes modifications to the user initiated request.
Another example embodiment of the present invention may include an apparatus configured to process a user initiated request for information. The apparatus may include a receiver configured to receive a user initiated request including a uniform resource locator (URL) submitted to a web browser application and receive a response that the URL is an invalid URL that cannot be resolved to a corresponding webpage. The apparatus may also include a processor configured to block a subsequent attempt to transmit the user initiated request as a browser modified search request that includes modifications to the user initiated request.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 illustrates an example user initiated web page search according to example embodiments of the present invention
FIG. 2 illustrates an example network configuration according to example embodiments of the present invention.
FIG. 3 illustrates a network entity that may include memory, software code and other computer processing hardware, and which may be configured to perform operations according to example embodiments of the present invention.
FIG. 4 illustrates a flow diagram of an example method of operation according to example embodiments of the present invention.
 DETAILED DESCRIPTION OF THE INVENTION
It will be readily understood that the components of the present invention, as generally described and illustrated in the figures herein, may be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of a method, apparatus, and system, as represented in the attached figures, is not intended to limit the scope of the invention as claimed, but is merely representative of selected embodiments of the invention.
The features, structures, or characteristics of the invention described throughout this specification may be combined in any suitable manner in one or more embodiments. For example, the usage of the phrases “example embodiments”, “some embodiments”, or other similar language, throughout this specification refers to the fact that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the present invention. Thus, appearances of the phrases “example embodiments”, “in some embodiments”, “in other embodiments”, or other similar language, throughout this specification do not necessarily all refer to the same group of embodiments, and the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
In addition, while the term “message” has been used in the description of embodiments of the present invention, the invention may be applied to many types of network data, such as packet, frame, datagram, etc. For purposes of this invention, the term “message” also includes packet, frame, datagram, and any equivalents thereof. Furthermore, while certain types of messages and signaling are depicted in exemplary embodiments of the invention, the invention is not limited to a certain type of message, and the invention is not limited to a certain type of signaling.
Certain vendors' products are intended to capture a web browser's connection to the Internet when the browser attempts to browse for what appears to be a well-formatted webpage and corresponding uniform resource locator (URL). However, the result of an invalid web address submitted as a website retrieval request may obtain a “NXDOMAIN” type HTTP response from the domain name server (DNS). This type of response may, in turn, yield a visual error result for the user (i.e., ERROR—the domain does not exist).
A number of consumer Internet service providers (ISPs) such as Cablevision's Optimum Online, Comcast, Time Warner, Cox Communications, RCN, Rogers, Charter Communications, Verizon, Virgin Media, Frontier Communications, Bell Sympatico, UPC, T-Online, Optus, Mediacom, ONO (Spain), and Bigpond (Telstra) may implement domain name server (DNS) hijacking for their own purposes, such as displaying advertisements or collecting statistics. This practice may violate the RFC standard for DNS (NXDOMAIN) responses, and can potentially open users to cross-site scripting attacks.
Redirecting website or Internet search requests can be less intrusive allowing a DNS server, provided by a service, such as OpenDNS to intercept and block known sites known to be malicious or known to have content which the user wishes to block, etc. The provider of the DNS server may charge a fee for this service, or also promote advertisements, collect statistics, etc. DNS hijacking is commonly implemented around hijacking a NXDOMAIN response. Internet and intranet applications rely on the NXDOMAIN response to describe the condition where the DNS has no entry (match) for the specified host. A NXDOMAIN response informs the application that the name is invalid and usually informs the user that an error has occurred. However, if the domain name is queried on non-compliant ISPs, the end user would always receive a fake IP address belonging to the ISP.
When browsing within a web browser, this forceful redirecting of the user's inquiry can be annoying or offensive as connections to this IP address display the ISP redirect page of the provider, sometimes with advertising, instead of a proper error message. However, other applications that rely on the NXDOMAIN error will instead attempt to initiate connections to this spoofed IP address, potentially exposing sensitive information. It is the nature of the implementation of TCP/IP to issue a DNS request that is independent of any information that could be used to determine the activity or program in the device that issued the request. Consequently, many other connection-oriented activities, such as virtual private network (VPNs), are disrupted and often rendered broken by these types of communications.
One example method of operation may include detecting a browser-automatic-redirection of a user initiated search attempt from the browser's address bar. When the search is input into the browser address bar directly, the URL must be in a standard format or else an error is almost inevitably received. These browser-automatic-redirection of a user initiated search attempts are generally not from regular searches entered into the search engine pages, such as provided on the home page of Google, Bing, or Yahoo.
Another example embodiment may include only observe the upstream HTTP traffic, detect the occurrence of the above-noted activity, and cause the user's browser to be redirected to an ISP-designated landing page with the original search term accompanying the redirection to provide relevant search results along with other information.
FIG. 1 illustrates an example web browser according to example embodiments. Referring to FIG. 1, the address bar 112 of a web browser 110 is being used to initiate a search for a user inputted message of “Mary Had a Little Lamb.” Clearly, such a long phrase is not likely to be recognized by the search engine or corresponding DNS server as a pre-stored web address. Some web browsers will recognize this input as a false URL, and will respond with an error message 114 indicating that the DNS server has found the web address to be invalid. Other web browsers operating in default configuration (e.g., Internet Explorer®) will take the input “Mary had a little Lamb” and submit it to a search engine, such as BING® or Google®. The result may be a page of suggestions and related advertisements, which are motivated by a pre-existing business agreement. If the user observes and clicks on any of the sponsored links related to the landing page, one or more entities will profit from the user's selection of the sponsored link.
Some vendors have a filter enabled before the DNS server that resolves the inputted web address information. In this case, the generated “NXDOMAIN” message will be discovered in the overhead search data and the user's query will be automatically redirected to a bogus URL that goes to a monetizing landing page. Landing pages are usually almost entirely unrelated to the search criteria and may produce bogus results which the end user will find unsatisfactory as a response to an attempt to find a relevant website.
Example embodiments of the present invention include examining a URL that has been modified by a browser to be forwarded to a specific search engine and/or in response to encountering an anomaly responsive to obtaining the IP address of the URL domain. In general, the modified URL may be filtered since it has certain characteristics that are recognizable.
According to one example, if search engine specific searches are captured at the ISP and sent to a bogus landing page, customers may complain and the search engine companies may also complain. Examples of certain web browsers may include, Internet Explorer versions (i.e., IE6, IE7, IE8), Firefox versions, Chrome versions, different default engines, etc. Browser modified searches, are performed automatically under certain error conditions. These modified searches are the types of searches that take the user input information, intercept the NXDOMAIN error message and modify the original error information to redirect the search to comply with the corresponding search engine instead of returning an error message. In each of these browser modified search examples, there are no REFERER HTTP parameters in the overhead data of the search information. The browsers do not have a procedure for discovering when a user initiated input string entered into the address bar is not a well-formed domain, and as a result the browser does not attempt to resolve the invalid DNS address. In this example, a NXDOMAIN HTTP response message will not be presented before submitting the string in the address bar to a default landing page, which can also be utilized by a search engine to produce some customized landing page search results and monetized advertising.
When visiting a webpage, the referrer or referring page may be the URL of the previous webpage from which a link was followed. A referrer is the URL of a previous item which led to a subsequent webpage or search request. The referrer for an image, for example, is generally the HTML page on which it is to be displayed. The referrer field (intentionally misspelled as REFERER) is an optional part of the HTTP request sent by the web browser to the web server.
A REFERER refers to the webpage that initiated the search and the word, REFERER, is submitted to the search engine as part of the normally hidden header block of a user initiated search, which includes the user agent fingerprint we used. However, a browser modified search of a non-recognizable URL does not include a REFER parameter when the browser modifies an automated search. The browser modified search modifies the original user input search or query for a particular URL. In general, any user initiated search or webpage request that is initially submitted to a web browser will almost always generate a REFER parameter when the domain name of the URL cannot be resolved.
According to example embodiments, a filter is configured to filter the website request data. The filter may be a packet filter that is used to examine received packet information for certain HTTP request information. The information in the website request data is examined for the existence of a REFERER message. If the REFERER message is present, then that particular request is left alone. This ensures that the search engines and ISPs are not violating the RFC committee rules or creating problems for the Internet search engines. However, if the message is a web browser modified search that does not include the REFERER parameter then that particular query is blocked so that the efforts of the browser to redirect the invalid search results to a landing page or other third party information source is stopped. In other words, the search filtering application according to example embodiments will allow the passing of the questionable URLs or initially invalid URLs entered by the user (e.g., those that could have been intentionally entered to search for something specific). Those search initiated URLs that are allowed to pass from the ISP to the Internet and subsequent search engines, etc., include the REFERER parameter as part of the HTTP request (e.g., in the header).
Implementing a check for a REFERER parameter in a browser request header provides one example way to distinguish original user initiated queries from browser modified queries. Two common instances when an Internet user with a web browser performs a search for a term may be when typing the search into a Google, Yahoo or Bing search box or home page, or into a separate search box on some other search-enabled webpage that is provided for the convenience of the visitor to perform a search directly from that webpage (e.g., a small search box on an otherwise established webpage CNN, MSN, etc.).
FIG. 2 illustrates an Internet search network configuration according to example embodiments. Referring to FIG. 2, the end user 200 may type a search into the address bar of the web browser 110 (as illustrated in FIG. 1), which is where a URL inquiry normally is placed. The search is sent from the user's personal computer/workstation 202, or may instead be sent from a comparable mobile computing device, such as a tablet computing device, smartphone, PDA, etc. If the domain name URL does not exist according to the local DNS server 212, then an NXDOMAIN HTTP response may be received at the ISP 210 over the Internet and forwarded to the end user 200. The NXDOMAIN HTTP response may be a response from the DNS server 212 that it cannot resolve the request. When this response is received, the ISP 210 resubmits (redirects) the request to the default-configured search provider, which may be configured in the web browser. For example, for current versions of Internet Explorer the default search provider is BING, and for Firefox, it's Google. The web browser may recognize invalid or impossible domain names and may proceed to skip the lookup procedure and instead send the request directly to BING or a user-selected default provider.
Most ISPs now use products that sit in front of the DNS server and capture the DNS responses, and when they respond with an NXDOMAIN, those products instead return the IP address of a search landing page with advertisements that are sponsored by third party affiliates. This scenario provides ISPs with about a buck per year for each subscriber as added revenue. However, all such ISPs are required to accommodate users for with the replacement of the NXDOMAIN message by redirecting them to a fake landing page address which causes disruption. Such a default redirection of the users' search requests are generally regarded as unsatisfactory to the users.
Fewer user mistakes are reported back to the user as more browsers response responds with predetermined links from an invalid webpage, the browser history and/or the favorites bar, etc. Users are increasingly implementing the address bar as a tool from which to initiate a search. The newer search related applications are redirecting all invalid web address requests to a search provider, which directs them to a facility that examines the search request and tries to determine if it came from an automatically generated search related to the address bar of the web browser. Alternatively, the search may have been originated from a search engine home page, (Google). If the search is examined and the data reveals that it is an automatic search from the address bar, the user may be redirected to the ISP's monetizing landing page.
According to example embodiments, the URL request is examined closely via a filter to examine the URL request directly without redirecting the user's request to a third party landing page and without having to look at the DNS traffic. The patterns for requests automatically generated by the web browser usually appear differently from those that come from other intentional search boxes or home pages.
According to one example, the terms CHEAP and PATENT were entered as two separated words into an address bar of a web browser. The search engine recognized that the URL was not formatted correctly and was not a well-formed URL. As a result, the search was automatically sent to a search engine that was configured as the default-configured search provider.
The dialog from the web browser was analyzed by a protocol analyzer, and the result is included below.
  GET/
  search?source=ig&hl=en&rlz=&q=cheap+patent&btnG=Google+Search&aq=f&aqi=
g-v1g-b1&aql=&oq= HTTP/1.1
  Host: www.google.com
  User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0.1)
  Gecko/20100101 Firefox/4.0.1
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/;q=0.8
  Accept-Language: en-us,en;q=0.5
  Accept-Encoding: gzip, deflate
  Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
  Keep-Alive: 115
  Connection: keep-alive
  Referer: http://www.google.com/ig?hl=en
  Cookie:
 PREF=ID=162ec2c30fca3a3d:U=415e2783207dd2be:TM=1308507183:LM=130850718
 3:S=7PJ9YHYENVdLxphJ;
 NID=48=ILnd9NzontdZdikvop08LIjb6Kh3Xski60vfQIAMonJOChYyvxjbgTm7ZMOI
 3NCUv953lRjlCnFXrpUdTkRlMAlX2u1T2duafB6Uk3RnYuWqZ2BVnB-
 eW3gLHQVhaqH;  SID=DQAAALoAAAB9LcIuT--sMdWjkoggdHkze-
 6wwOl3pWkZ7qyowyVraiEKXGM37baZeHsenv05RWgoQTLQWoDLm4pGAwDjRn
 VNCEGvo5XeKH14yC4vgS8rdDXtVIq4ag20eRlWB9CF0BxLQUaRW4QyUHvXHH
 W6mkdGYjZB3-aLmJzkhnBgOzPgyCx52DyXkKS2-
 YavomA0gCSjWG5gqS1izB3HuK-pxjBWo1jqFjzKGQuE_2px-
 ZgOmoC8782mEfpnybrkrwWLbEo; HSID=AAMxYgzQTmoflsnK7.
The first line is the GET (after the first forward slash) with the various data included with CHEAP and PATENT in the GET and the host will send it to the second line of a search engine. Identifying the unique address bar-generated pattern of information and the ability to extract the search words (in this example right after “&q=”) that makes this search intercepting application operate correctly.
Below is an example of an Internet Explorer address bar entry that would be sent to Google, but identified by this application. As may be observed about ⅔ of the way down captured data, a reference to “Referer: http://www.google.com/ig?hl=en” indicates that the webpage that was used to enter the search for CHEAP and PATENT. In this example, the search engine was Google's homepage. Given the data provided above, this could not have been an address bar search query since REFERER was part of the dialog.
If the search request initiates directly from the browser's address bar, the web browsers do not send a REFERER. In this example, certain liberties may be taken since the REFERER parameter is not present. Since it is known that any of the home page searches or any of the GOOGLE search boxes included on third party webpages, for example, always have REFERER in the dialog. An automatic search from the address bar does not include any REFERER parameter. Capturing more address bar searches which have been modified by the web browser and do not have a REFERER parameter can limit the amount of landing page redirects and other browser modified activity that end user may find unsatisfactory.
If the REFERER parameter is not present in the intercepted/filtered search initiated data and it matches a predetermined pattern stored in the application itself for the more common web browsers (e.g., IE6, IE7, IE8, IE9, XP, Vista, WIN7, Firefox versions, Chrome versions, etc.)
Some web browser versions, for example, do not discriminate between the in-browser search box and the browser search address bar. In those browser versions, it may be desired to avoid a redirection since the user is intentionally using a specially marked search box provided by the website. As a result, the issued HTTP request can be examined by trial and error to determine which browser-initiated automatic searches performed from the address bar are distinct in address bar only user initiated searches.
The operations of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a computer program executed by a processor, or in a combination of the two. A computer program may be embodied on a computer readable medium, such as a storage medium. For example, a computer program may reside in random access memory (“RAM”), flash memory, read-only memory (“ROM”), erasable programmable read-only memory (“EPROM”), electrically erasable programmable read-only memory (“EEPROM”), registers, hard disk, a removable disk, a compact disk read-only memory (“CD-ROM”), or any other form of storage medium known in the art.
An exemplary storage medium may be coupled to the processor such that the processor may read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application specific integrated circuit (“ASIC”). In the alternative, the processor and the storage medium may reside as discrete components. For example, FIG. 3 illustrates an example network element 300, which may represent any of the above-described network components of FIG. 2.
As illustrated in FIG. 3, a memory 310 and a processor 320 may be discrete components of the network entity 300 that are used to execute an application or set of operations. The application may be coded in software in a computer language understood by the processor 320, and stored in a non-transitory computer readable medium, such as, the memory 310. Furthermore, a software module 330 may be another discrete entity that is part of the network entity 300, and which contains software instructions that may be executed by the processor 320. In addition to the above noted components of the network entity 300, the network entity 300 may also have a transmitter and receiver pair configured to receive and transmit communication signals (not shown).
One example method of processing a user initiated request for information may include examining a web browser's response data generated in response to a user initiated request including a uniform resource locator (URL) submitted by the user to the web browser application. In response, it may be determined by examination from the browser response data that the URL is an invalid URL that cannot be resolved to a corresponding webpage. In response, subsequent attempt to transmit the user initiated request as a browser modified search request that includes modifications to the user initiated request may be blocked.
Some browsers operate by receiving the “NXDOMAIN” message and taking no action at all. Other browsers, such as IE and Chrome, respond when receiving a NXDOMAIN data parameter because the domain could not be resolved in the DNS. Generally, the additional operations performed by the browser are performed since the input information appeared to be a properly formatted web domain or URL. For example, by continuing to submit the unresolved (NXDOMAIN) URL to the search engine, the example embodiments of the present application will be readily invoked.
One example embodiment of the present invention may include a method of processing a user initiated request for information. The method may include receiving a user initiated request including a uniform resource locator (URL) submitted to a web browser application, at operation 402. The method may also include receiving a response that the URL is an invalid URL that cannot be resolved to a corresponding webpage, at operation 404 and blocking a subsequent attempt to transmit the user initiated request as a browser modified search request that includes modifications to the user initiated request, at operation 406.
While preferred embodiments of the present invention have been described, it is to be understood that the embodiments described are illustrative only and the scope of the invention is to be defined solely by the appended claims when considered with a full range of equivalents and modifications (e.g., protocols, hardware devices, software platforms etc.) thereto.

Claims (20)

What is claimed is:
1. A method, comprising:
receiving a request including a uniform resource locator (URL) at a web browser application;
receiving a response that the URL is an invalid URL;
identifying that the URL includes a hypertext transfer protocol (HTTP) request and does not include a REFERER message; and
blocking a subsequent attempt to transmit the request as a browser modified search request to avoid a redirect of the request based on the identification that the HTTP request does not include the REFERER message and based on a comparison of a pattern of a dialog from the web browser application to a stored predetermined pattern of information.
2. The method of claim 1, wherein the request is received as input to an address bar portion of the web browser application.
3. The method of claim 1, wherein receiving the response that the URL is an invalid URL comprises that the URL is an invalid URL that cannot be resolved to a corresponding webpage.
4. The method of claim 3, wherein receiving a response that the URL is an invalid URL that cannot be resolved to a corresponding webpage comprises receiving a NXDOMAIN HTTP parameter.
5. The method of claim 1, wherein the browser modified search request includes modifications to the request.
6. The method of claim 1, wherein the browser modified search request comprises at least part of the request.
7. The method of claim 1, wherein the request is received as input to a search box portion of a search-enabled web page.
8. An apparatus, comprising:
a receiver configured to:
receive a request including a uniform resource locator (URL) at a web browser application, and
receive a response that the URL is an invalid URL; and
a processor configured to:
identify that the URL includes a hypertext transfer protocol (HTTP) request and does not include a REFERER message, and
block a subsequent attempt to transmit the request as a browser modified search request to avoid a redirect of the request based on the identification that the HTTP request does not include the REFERER message and based on a comparison of a pattern of a dialog from the web browser application to a stored predetermined pattern of information.
9. The apparatus of claim 8, wherein the request is received as input to an address bar portion of the web browser application.
10. The apparatus of claim 8, wherein the receipt of the response that the URL is an invalid URL comprises that the URL is an invalid URL that cannot be resolved to a corresponding webpage.
11. The apparatus of claim 10, wherein the received message that the URL is an invalid URL that cannot be resolved to a corresponding webpage comprises a NXDOMAIN HTTP parameter.
12. The apparatus of claim 8, wherein the browser modified search request includes modifications to the request.
13. The apparatus of claim 8, wherein the browser modified search request comprises at least part of the request.
14. The apparatus of claim 8, wherein the request is received as input to a search box portion of a search-enabled web page.
15. A non-transitory computer readable storage medium comprising instructions that when executed causes a processor to perform:
receiving a request including a uniform resource locator (URL) at a web browser application;
receiving a response that the URL is an invalid URL;
identifying that the URL includes a hypertext transfer protocol (HTTP) request and does not include a REFERER message; and
blocking a subsequent attempt to transmit the request as a browser modified search request to avoid a redirect of the request based on the identification that the HTTP request does not include the REFERER message and based on a comparison of a pattern of a dialog from the web browser application to a stored predetermined pattern of information.
16. The non-transitory computer readable storage medium of claim 15, wherein the request is received as input to an address bar portion of the web browser application.
17. The non-transitory computer readable storage medium of claim 15, wherein receiving the response that the URL is an invalid URL comprises that the URL is an invalid URL that cannot be resolved to a corresponding webpage.
18. The non-transitory computer readable storage medium of claim 17, wherein receiving a response that the URL is an invalid URL that cannot be resolved to a corresponding webpage comprises receiving a NXDOMAIN HTTP parameter.
19. The non-transitory computer readable storage medium of claim 15, wherein the browser modified search request includes modifications to the request.
20. The non-transitory computer readable storage medium of claim 15, wherein the browser modified search request comprises at least part of the request.
US15/671,364 2011-08-24 2017-08-08 Method and apparatus of processing invalid user input search information Active 2032-05-12 US10915596B2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US15/671,364 US10915596B2 (en) 2011-08-24 2017-08-08 Method and apparatus of processing invalid user input search information
US17/171,984 US11580185B2 (en) 2011-08-24 2021-02-09 Method and apparatus of processing invalid user input search information
US18/169,168 US20230195822A1 (en) 2011-08-24 2023-02-14 Method and apparatus of processing invalid user input search information

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US13/217,076 US8806004B2 (en) 2011-08-24 2011-08-24 Method and apparatus of processing invalid user input search information
US14/456,126 US9727658B2 (en) 2011-08-24 2014-08-11 Method and apparatus of processing invalid user input search information
US15/671,364 US10915596B2 (en) 2011-08-24 2017-08-08 Method and apparatus of processing invalid user input search information

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US14/456,126 Continuation US9727658B2 (en) 2011-08-24 2014-08-11 Method and apparatus of processing invalid user input search information

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US17/171,984 Continuation US11580185B2 (en) 2011-08-24 2021-02-09 Method and apparatus of processing invalid user input search information

Publications (2)

Publication Number Publication Date
US20170357727A1 US20170357727A1 (en) 2017-12-14
US10915596B2 true US10915596B2 (en) 2021-02-09

Family

ID=47745287

Family Applications (5)

Application Number Title Priority Date Filing Date
US13/217,076 Active 2032-09-25 US8806004B2 (en) 2011-08-24 2011-08-24 Method and apparatus of processing invalid user input search information
US14/456,126 Active 2033-02-17 US9727658B2 (en) 2011-08-24 2014-08-11 Method and apparatus of processing invalid user input search information
US15/671,364 Active 2032-05-12 US10915596B2 (en) 2011-08-24 2017-08-08 Method and apparatus of processing invalid user input search information
US17/171,984 Active 2031-10-30 US11580185B2 (en) 2011-08-24 2021-02-09 Method and apparatus of processing invalid user input search information
US18/169,168 Pending US20230195822A1 (en) 2011-08-24 2023-02-14 Method and apparatus of processing invalid user input search information

Family Applications Before (2)

Application Number Title Priority Date Filing Date
US13/217,076 Active 2032-09-25 US8806004B2 (en) 2011-08-24 2011-08-24 Method and apparatus of processing invalid user input search information
US14/456,126 Active 2033-02-17 US9727658B2 (en) 2011-08-24 2014-08-11 Method and apparatus of processing invalid user input search information

Family Applications After (2)

Application Number Title Priority Date Filing Date
US17/171,984 Active 2031-10-30 US11580185B2 (en) 2011-08-24 2021-02-09 Method and apparatus of processing invalid user input search information
US18/169,168 Pending US20230195822A1 (en) 2011-08-24 2023-02-14 Method and apparatus of processing invalid user input search information

Country Status (1)

Country Link
US (5) US8806004B2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11580185B2 (en) * 2011-08-24 2023-02-14 Perftech, Inc Method and apparatus of processing invalid user input search information

Families Citing this family (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8108524B2 (en) * 2001-12-18 2012-01-31 Perftech, Inc. Internet connection user communications system
US7328266B2 (en) 2001-12-18 2008-02-05 Perftech, Inc. Internet provider subscriber communications system
WO2007050244A2 (en) 2005-10-27 2007-05-03 Georgia Tech Research Corporation Method and system for detecting and responding to attacking networks
US10027688B2 (en) 2008-08-11 2018-07-17 Damballa, Inc. Method and system for detecting malicious and/or botnet-related domain names
US8578497B2 (en) 2010-01-06 2013-11-05 Damballa, Inc. Method and system for detecting malware
US8826438B2 (en) 2010-01-19 2014-09-02 Damballa, Inc. Method and system for network-based detecting of malware from behavioral clustering
US8631489B2 (en) 2011-02-01 2014-01-14 Damballa, Inc. Method and system for detecting malicious domain names at an upper DNS hierarchy
US9936037B2 (en) * 2011-08-17 2018-04-03 Perftech, Inc. System and method for providing redirections
US9922190B2 (en) 2012-01-25 2018-03-20 Damballa, Inc. Method and system for detecting DGA-based malware
US10547674B2 (en) * 2012-08-27 2020-01-28 Help/Systems, Llc Methods and systems for network flow analysis
US9680861B2 (en) 2012-08-31 2017-06-13 Damballa, Inc. Historical analysis to identify malicious activity
US9894088B2 (en) 2012-08-31 2018-02-13 Damballa, Inc. Data mining to identify malicious activity
US10084806B2 (en) 2012-08-31 2018-09-25 Damballa, Inc. Traffic simulation to identify malicious activity
US9571511B2 (en) 2013-06-14 2017-02-14 Damballa, Inc. Systems and methods for traffic classification
US9497197B2 (en) * 2014-05-20 2016-11-15 Box, Inc. Systems and methods for secure resource access and network communication
US10243953B2 (en) 2014-05-20 2019-03-26 Box, Inc. Systems and methods for secure resource access and network communication
US9813421B2 (en) 2014-05-20 2017-11-07 Box, Inc. Systems and methods for secure resource access and network communication
US10270806B2 (en) * 2015-12-15 2019-04-23 Microsoft Technology Licensing, Llc Defense against NXDOMAIN hijacking in domain name systems
CN107436873B (en) * 2016-05-25 2021-05-07 北京奇虎科技有限公司 Website jumping method, device and transfer device
US10097568B2 (en) * 2016-08-25 2018-10-09 International Business Machines Corporation DNS tunneling prevention
KR102317616B1 (en) * 2017-01-23 2021-10-26 삼성전자주식회사 Electronic apparatus and accessing server method therof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040125149A1 (en) * 2002-12-30 2004-07-01 Eugene Lapidous Method and apparatus for managing display of popup windows
US20080222736A1 (en) * 2007-03-07 2008-09-11 Trusteer Ltd. Scrambling HTML to prevent CSRF attacks and transactional crimeware attacks
US20080301139A1 (en) * 2007-05-31 2008-12-04 Microsoft Corporation Search Ranger System and Double-Funnel Model For Search Spam Analyses and Browser Protection
US20110208850A1 (en) * 2010-02-25 2011-08-25 At&T Intellectual Property I, L.P. Systems for and methods of web privacy protection
US20130054802A1 (en) * 2011-08-24 2013-02-28 Perftech, Inc. Method and apparatus of processing invalid user input search information

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060031394A1 (en) * 2004-04-20 2006-02-09 Tazuma Stanley K Apparatus and methods for transparent handling of browser proxy configurations in a network gateway device
US8856869B1 (en) * 2009-06-22 2014-10-07 NexWavSec Software Inc. Enforcement of same origin policy for sensitive data
US20110191664A1 (en) * 2010-02-04 2011-08-04 At&T Intellectual Property I, L.P. Systems for and methods for detecting url web tracking and consumer opt-out cookies

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040125149A1 (en) * 2002-12-30 2004-07-01 Eugene Lapidous Method and apparatus for managing display of popup windows
US20080222736A1 (en) * 2007-03-07 2008-09-11 Trusteer Ltd. Scrambling HTML to prevent CSRF attacks and transactional crimeware attacks
US20080301139A1 (en) * 2007-05-31 2008-12-04 Microsoft Corporation Search Ranger System and Double-Funnel Model For Search Spam Analyses and Browser Protection
US20110208850A1 (en) * 2010-02-25 2011-08-25 At&T Intellectual Property I, L.P. Systems for and methods of web privacy protection
US20130054802A1 (en) * 2011-08-24 2013-02-28 Perftech, Inc. Method and apparatus of processing invalid user input search information
US8806004B2 (en) * 2011-08-24 2014-08-12 Perftech, Inc. Method and apparatus of processing invalid user input search information
US9727658B2 (en) * 2011-08-24 2017-08-08 Perftech, Inc. Method and apparatus of processing invalid user input search information

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
"DNS Knowledge What is NXDomain (Non-Existent Domain)" Aug. 17, 2009 from dnsknowledge.com (Year: 2009). *
Argawal, Amitt "Stop OpenDNS From Redirecting Invalid URLs to their Search Pages" Aug. 4, 2008, from labnol.org (Year: 2008). *
Burns, Jesse "Cross Site Request Forgery An introduction to a common web application weakness" Version 1.2, Information Security Partners, 2007 (Year: 2007). *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11580185B2 (en) * 2011-08-24 2023-02-14 Perftech, Inc Method and apparatus of processing invalid user input search information
US20230195822A1 (en) * 2011-08-24 2023-06-22 Perftech, Inc. Method and apparatus of processing invalid user input search information

Also Published As

Publication number Publication date
US8806004B2 (en) 2014-08-12
US20140351690A1 (en) 2014-11-27
US20210165847A1 (en) 2021-06-03
US9727658B2 (en) 2017-08-08
US11580185B2 (en) 2023-02-14
US20170357727A1 (en) 2017-12-14
US20230195822A1 (en) 2023-06-22
US20130054802A1 (en) 2013-02-28

Similar Documents

Publication Publication Date Title
US11580185B2 (en) Method and apparatus of processing invalid user input search information
US20200396252A1 (en) Systems and methods for identifying phishing websites
US9083733B2 (en) Anti-phishing domain advisor and method thereof
US8024804B2 (en) Correlation engine for detecting network attacks and detection method
US8751601B2 (en) User interface that provides relevant alternative links
US20090064337A1 (en) Method and apparatus for preventing web page attacks
US8448241B1 (en) Browser extension for checking website susceptibility to cross site scripting
CN109274632B (en) Website identification method and device
Bin et al. A DNS based anti-phishing approach
US20090119769A1 (en) Cross-site scripting filter
US20130055403A1 (en) System for detecting vulnerabilities in web applications using client-side application interfaces
US20160337378A1 (en) Method and apparatus for detecting security of online shopping environment
EP2695357A1 (en) Systems, apparatus, and methods for mobile device detection
EP2132661A1 (en) System and method of blocking malicios web content
Krishnamurthy et al. Cat and mouse: Content delivery tradeoffs in web access
US20120296713A1 (en) System of Validating Online Advertising From Third Party Sources
Banerjee et al. SUT: Quantifying and mitigating url typosquatting
CN111541672A (en) Method and system for detecting security of HTTP (hyper text transport protocol) request
US20070156890A1 (en) Method for tracking network transactions
CN105635064A (en) CSRF attack detection method and device
US11082437B2 (en) Network resources attack detection
WO2020022456A1 (en) Information processing device, information processing method, and information processing program
US8838741B1 (en) Pre-emptive URL filtering technique
JP2005092564A (en) Filtering device
CN113742631B (en) CDN-based website picture anti-theft chain method

Legal Events

Date Code Title Description
AS Assignment

Owner name: TWO SIGMA HOLDINGS VC ACQUISITION VEHICLE I, LLC, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNOR:PERFTECH, INC.;REEL/FRAME:043466/0500

Effective date: 20080911

Owner name: TWO SIGMA HOLDINGS VC ACQUISITION VEHICLE I, LLC,

Free format text: SECURITY INTEREST;ASSIGNOR:PERFTECH, INC.;REEL/FRAME:043466/0500

Effective date: 20080911

Owner name: SCHMIDT, EDWARD, NEW YORK

Free format text: SECURITY INTEREST;ASSIGNOR:PERFTECH, INC.;REEL/FRAME:043466/0500

Effective date: 20080911

AS Assignment

Owner name: PERFTECH, INC., TEXAS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:DONZIS, LEWIS THOMAS;SCHMIDT, JONATHAN ELLIOTT;BARON, PETER WAYNE;AND OTHERS;REEL/FRAME:043470/0661

Effective date: 20110823

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO SMALL (ORIGINAL EVENT CODE: SMAL); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE AFTER FINAL ACTION FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STCF Information on status: patent grant

Free format text: PATENTED CASE